I am currently using KC to secure my FE application / API.
I would like to use it to secure my API in a server-to-server / machine-to-machine context.
If I understand correctly, I should use the Client Credentials flow, but creating a client for each new customer doesn’t make sense (to me). Is it the right way to go? (Why shouldn’t I create a user with some kind of ID instead of an email and treat a machine as a user?)
If so, there is some metadata I am using at the user login level (e.g. attributes) which is needed as part of the authorization. This metadata is needed for S2S as well; where should I manage it?
Thanks in advance.